Netgate pfSense Reviews

I use pfSense at home, and my friends and family use it in their homes. I'm also the IT solutions administrator for a council of governance organizations, and I use it for them. I use pfSense Plus at home and the community edition at some of my friends and family's houses.

I pfSense Plus at home and use the community edition at my friends and family's houses. I have used the community edition multiple times in labs, but I use pfSense Plus for all of my enterprise applications.

I started seeing the benefits when I began playing with it at home 10 years ago. It was an immediate success when I put it in enterprise locations because it was much cheaper than WatchGuard. I was familiar with pfSense, so I quickly trained my staff on it. They know how to operate everything well in pfSense.

With pfSense, you can do a failover. I have used that before, and I see it as a benefit, but there are some drawbacks. You have to use multiple external IP addresses to set it up, but it works well. However, I don't use the failover anymore because of the price. You can have two of these things on the shelf, and in the event of a failure, you can get another one up within five minutes by throwing it on there, configuring it, and plugging it in. That's my failover plan for all my main locations.

PfSense's visibility enables me to make data-driven decisions. I love the way they do geoblocking. You can see where you're improving. The logging ability is diagnostic. You can see all kinds of data. For example, when I make a new rule, Immediately know what's going through that rule. That visibility is very helpful in knowing immediately if my rules are being applied correctly. 

The most valuable feature of pfSense is that it's a stateful firewall. I also like the way the rules are implemented on the firewall. It makes things much easier to see at a glance. 

PfSense is the most flexible device I've ever used. It's open-source software. I've used all the big names, including Palo Alto, WatchGuard, and Sophos. In terms of dependability, this is the best of them. 

It's simple to add and configure features and easier than some of the big competitors like WatchGuard. The front dashboard on pfSense is very customizable. You can get it at first glance. Everything you need to do is in that single box. It shows you if your LAN and interfaces are up. You can see what kind of traffic is going across each interface because they give you a traffic graph that you can do for each interface. 

You can see if your gateway is up and precisely how much data passes through each interface. I like how you can get direct visibility over your IP address updates. If you're not running a static IP address, there's another cool thing on the front page where it shows when the dynamic DNS updates. The way you can customize that dashboard is cool. I haven't seen that with other firewalls, and pfSense gives you good visibility at first glance.

I don't think pfSense's web filtering solution is the best, so I don't use it for that purpose. They could add a little better web filtering solution to pfSense. They have solutions in place, like SquidGuard, but they aren't very good. 

Another feature about pfSense I would improve is adding a single pane of glass management for multiple units I manage across the municipal district. I would love to manage all those devices through one single pane of glass, but that's not a deal breaker for me.

We have used pfSense for around 10 years.

I rate pfSense 10 out of 10 for stability. I've never had a Netgate system fail on me.

The scalability of pfSense is great. It costs very little to expand to multiple systems across multiple locations. It'd be better if they had a mass edit platform where you're running multiple systems. I've heard quite a few people in the community talking about that. I heard someone in France was developing a dashboard that gives you visibility across multiple boxes, but the cost of deployment is very cheap. It's easy to put boxes out there and write rules for them. 

I rate Netgate support 10 out of 10. Most of the tech people I have contacted seem to know exactly what they're doing. They've got, like, 10 people named Chris working support. Every Chris that I've ever spoken to has been spot on. Every once in a while, if I call after hours or something, I might get someone who isn't as adept at it, but they quickly escalate it to someone who can fix the issue. 

Positive

I have used Palo Alto, WatchGuard, and Sophos, and all the major competitors, but I would compare pfSense to WatchGuard, the one I have the most experience with. In my type of environment, pfSense wins hands down over WatchGuard because it's a stateful firewall. One thing I've hated about WatchGuard is that it's not a stateful firewall. It's rules in and rules out. You end up getting thousands of rules over a four or five-year period. PfSense enables you to put notes on your rules. 

If you have a question about a rule, you can read the note you made when you made that rule. Having the ability to document your rules in the dashboard has been a game-changer for me. After you have used a stateful firewall, it's hard to go back because it's much harder to make rules on both sides. 

Deploying pfSense is as easy as any other system. It helps that pfSense has a massive user community and some great YouTubers, so you can go to YouTube University and become a professional with pfSense quickly. You can learn to do some complicated edits and set up complex VPNs. It takes only 20 minutes from start to finish. For maintenance, you only need to update it when the updates come out and change the configuration of your rules as needed. 

PfSense offers huge savings. The price is the lowest in the business. The only thing you can use in place of pfSense is a fork like OPNsense. I'm more familiar with pfSense, so I never got on the OPNsense bandwagon. 

I rate Netgate pfSense 10 out of 10.

We are a large church, and we use Netgate as the main firewall appliance. We have multiple WAN connections coming in, and we have about 500 endpoints connected to our network, so we use it to make all the bits travel where they need to be.

We were using some other products that were closed-source, and they did not have some of the features that I liked. I liked OpenVPN. In terms of the VPN infrastructure, I had a lot of great information from people online. I could follow a lot of reviews and very good technical documents. It was about unchaining myself from a different licensing program that was charging me almost an extortionary rate for a firewall appliance but did not give me any better security than I would get through pfSense.

I like the idea of packages because I work on Linux all the time. Adding packages is a nice way of adding features. We do iPerf3 testing. With just a few clicks, I can have an iPerf3 server set up on my pfSense. All the tooling has been easy to integrate.

Everybody loved it when I switched over to the VPN. It was easy to use. OpenVPN has a great piece of software. Everybody loves how easy it is to use the VPN to get onto our network but also how secure it is. 

The fact that I do not hear much about it is one of the best parts. The Internet has not been 100% solid here, but we never get to know it because the WAN failover takes us from one endpoint to another without even noticing it. I had the Internet provider come, and he was going to change some hardware. He was asked if we needed to tell anybody. We did not because they would not even know that we were doing it. That is a pretty good feature that it works so flawlessly. If you are going to take your main connection to the Internet down, you have two backups, and nobody is going to know the difference.

I can look at my network as a whole. It is great to see the traffic on my network. I can see where it is coming from and where it is going, and I am able to follow through. The screens are helpful for telling the story of what is going on at the moment with the data. I look at my firewall quite often. If there are any questions, that is one of the first places I go to for troubleshooting.

pfSense Plus and the service program have definitely helped minimize downtime. The fact that I have help on the way anytime I need it is great. I do not have an estimate about the reduction in the downtime because as soon as I got here, I swapped over. I do not have any previous data points on that.

Running their hardware and software helps a lot with the performance.

The customer support is very good. Setting up the VPN is pretty straightforward and easy. 

We have multiple VLANs, and with assistance, it was easy to get everything set up and running in our organization the way we needed it to. We have the flexibility and the ability to adapt things over time as needed. When I needed to add an extra WAN connection, I could. It was not locked behind a paywall. I did not have the issue of not having enough ports on the machine for that. I had all the ability and all the hardware I needed to do all the things that I needed.

When we were setting up VLANs, there was some information about the way the ports, switching, and other things were done inside. Their UI could have hidden some of the complexity better so that it was easy to understand or more general. They could have given some more clarification on the markings on the outside of the machine. There were some questions as to what port was what and how that links to what was being asked in the software. Those things were not always very clear.

The features that I wanted have been added, but I have not taken the time to look at them. I am a big fan of WireGuard, and they have added that, but I have not taken the time to install it yet. Its features are complete for our needs. If I have to ask for anything, it would probably be more education on bolting on some of the XDR platform stuff that is out there, but it is feature-complete. I know that all this exists. It is just taking the time to get educated on it, which is probably on my side.

I have been using Netgate pfSense for about three years.

I have not seen any downtime, so I have to give them a ten out of ten on that. There has not been a time when it has not done what it needs to do.

There is a long way to go above me, but I would not be looking to change if we grew by a lot. I would rate it an eight out of ten for scalability, but I do not know what it would be like in a data center.

It is being used at a single location. We are a fairly large church that has quite a bit of data flowing in and out, but we have just a single location. It is me who works with it, and I have a junior sysadmin and our managed service provider working with it. Three of us interface with it.

They are amazing. They are great. They followed through very well when I had issues. Usually, the issues I had were kind of self-inflicted wounds, and they walked right through everything with me with great continuity. I cannot say enough good about them. I would rate them a nine out of ten.

Positive

We used Sophos. One of the main reasons for the switch was the license model. The way they charge for their software was pretty expensive. I did not feel that we got a lot for those IT dollars. I knew that I could set up pfSense and pay for the service plan so that I have a live person on the other end to help me when I needed it and it would still be way under what we were paying for Sophos.

It is deployed on-prem. We have a couple of Netgate appliances. We have one that is a spare and we have one running in production. In case one goes down, we will just move over to the other. We have a couple of pieces of equipment in our rack locally.

My managed service provider helped me with the deployment. In one night, it was done. It was pretty painless.

In terms of maintenance, there are always updates to do.

There were three of us involved, and it took about four and a half hours to get everything configured. From taking out the old to getting the new in and getting it configured took about four and a half hours.

Compared to what we were doing with Sophos, it provides a great value financially and in terms of time savings. For the most part, I do not have to mess with it. It does not require me to go in and touch it unless I have something I want to change, and that is a win. The upgrades are easy, and they have been flawless. That is a good return on investment. That dollar is well spent.

We are probably paying about 30% of what we were paying previously.

The price is fair. I buy the Netgate hardware so that I can support pfSense and Netgate and I have somebody designing the next layer of software for me in the future. I like their model. It is a high-value piece of equipment with a great team behind it.

With the inclusion of firewall, VPN, and router functionalities, we get a good value.

I would recommend it because it is a good value in terms of the price, performance, scalability, and usability of the metrics that it gives. It is definitely what I would go with.

I would rate pfSense a nine out of ten. It would be a ten if they offered free training and told me about what the free training is. There are probably a few things out there like that, but more one-on-one free training would be the main thing they can do better.

I primarily use it for hybrid home/business power usage at a very small scale. It is both home and business because of working from home. pfSense is serving us as the main routing firewall and network configuration tool. It is the front-end brain for everything in our mixed environment.

pfSense allows me to manage both home needs and business needs and keep them relatively separate or at least appropriately separate. A key feature was to be able to use a small-scale device. I am using Netgate SG-1100, which is built to run pfSense on an RM platform. It has low power consumption, and it is economical. I did not need massive amounts of compute power, but I did need the feature set that typically, you can only get in enterprise-grade product lines such as Cisco.

pfSense is extremely flexible. The areas where I find it very flexible are the sheer number of configuration tools that are available and the extra packages that can be used to augment the core functionality. Even within the core functionality, it is capable of adapting to a massive number of different scenarios and network environments and needs. You can adapt to the needs of your network environment to the outside with ISP and internal needs. You can accomplish what you want to achieve internally with the product. It seems to have pretty much everything under the sun laid out.

It is pretty easy to add features to pfSense and configure them. If I am adding something for the first time, the web GUI is the most helpful tool because the layout is pretty logical in terms of how the forms are organized and fields are named and described. There are help callouts, and, of course, documentation. I have always found the official documentation to be helpful, but it is not uncommon to do some forum searching and read the discussions. Other people might be following a workflow that does not fit quite cleanly in there, but they made it match. Typically, it is pretty easy. Some of the things that I have done with pfSense are not inherently easy processes, but I feel that pfSense has made them much easier than they would be on different platforms.

I was able to realize its benefits immediately. I am an IT professional, but my use of pfSense is not as an IT professional. It is more like a solo entrepreneur for my wife and her business. When I look at the network administration that I am doing here, it says a homeowner and a business co-owner. IT and networking are not the kinds of things I want to dominate my time. It should not be dominating my time spent. From that standpoint, I was able to get the baseline configuration set up so quickly when I first set it up about seven years ago. I definitely felt a big value-add with the configuration backup and restore process. The first time I broke something on pfSense, I was able to revert my last configuration very quickly. That was a big win.

In terms of pfSense helping to prevent data loss, auto configuration backup is probably the number one feature. When I think about data loss in pfSense, I would mostly be concerned with losing the configuration itself. Having my own backups but also having Netgate backups available for me to pull down helps. I just have to make sure I keep the encryption password, and we are good to go. That is a big win.

I use pfSense Plus. I am pretty sure that auto configuration backup is a Plus feature. I am on my second generation of official Netgear appliance, so my experience with the Community Edition is limited. I am not sure if this feature is available to others, but for minimizing downtime, having the auto configuration backup is a big one. There is a restore option for quick reverts if a change did not go quite well. They are incremental, so reverting to whatever snapshot or revision version I need to revert to is very easy.

pfSense does not give a single pane of glass management, but I also would not expect that because it is doing so much and is capable of doing so much. In my environment, it is managing so many different aspects of the whole Netgate, but there is not a single pane. I use the logs a lot, but I have to look through individual logs. I am not aware of any log aggregation and analysis components that are already baked into pfSense. As I understand it, I need to ship my pfSense logs into another system to do a higher-level analysis and insight querying. An area that I am interested in working on is effective outbound traffic filtering. It is on our priority list because it is a tricky one. You do not want to let any outbound traffic go, but you also need to be careful how you are filtering outbound traffic so that you do not break things you are relying on for your functionality. A lot of people use a web proxy, but that only catches web traffic. With smart home devices and business stuff going on, you have to pay attention to it. I am very interested in being able to analyze the traffic logs that are being captured by pfSense with an IO, the outbound traffic, and the existing and potential firewall rules that I have in place for those. My current efforts have been focused on doing so with a different product because I do not believe that pfSense delivers that. I honestly did not expect that it would.

iperf helps with performance. We are able to do iperf bandwidth tests as both client and server to various endpoints and turn on a quick listener and see what is going on with who can get where fast. The diagnostic menu list is probably the longest one in there. That is a good sign because it just means that they have got a lot of tools available for me to use if something is not quite working right. If I want to improve performance, I have to take a measurement and take a look at what is going on currently and compare that to what I would expect to see. There is a wide variety of toolsets. I am not asking for this because it is not the kind of system that I would want to run, but there is no troubleshooting or performance improvement wizard that kind of walks you in a logical step. I know that there is one initial configuration wizard that is meant to get people going quickly for the first time and in a fairly simple setup, but even that was not a great value to me because I want to get quickly into more advanced configurations. It has what I expect for performance tuning.

Being able to configure VLANs on such a small device is one of the key unique features that made it attractive to me.

pfSense is very flexible, but my only drawback in terms of flexibility is that it is web GUI-driven. I know that there are some shell interfaces, but it is not a very heavily developed API when it comes to automation or configuration-as-code management. I would love to see that developed in the future so that I am able to manage my network configuration in YAML and TOML text format, have those changes applied in a source code environment, and have those changes read into an API that could then drive the configuration rather than have always having to use the web GUI just to make some layout changes. Web GUI has its advantages, but there are times when being pinned into that workflow is less efficient.

They should support the idea of configuration management as code from source code and provide a more robust API for managing the pfSense configuration. I know that with the web GUI, everything is dumped into an XML file. That is how it is backed up, and that is how it is imported. It is machine-readable and all that, but it is not necessarily a modern data format that would be used with API typically. They are maybe thinking of moving to REST API and SQLite backend. I do not know what they have in mind. I do not really care how they do it, but I would love to have the ability to interact with my configuration and make incremental changes via source code and utilize the API to implement those changes and roll them back with configuration as code as a strategy for managing my pfSense.

It has been about seven years.

The device is rock solid. I have not had any hardware concerns or issues. I do not have to reboot it. If I am having some kind of network issue, I do not have to restart my pfSense. Why I wanted the free BSP base is that I know that the core layer is rock solid. It is possible that something could happen where I would need to restart, but it almost never does.

It may have been with the older device for which I have worked with them twice. I opened a ticket to get the download link for recovery firmware on the SG-1000, and they gave it to me. That was very easy. That was fine. They responded quickly, no big deal. I appreciate it. I did not really need support. It was something that I could not get directly from the website myself.

I am not sure, but when I bought SG-1000, I might have had to send it back. They sent a replacement. It was less than a year since I had it. I still had a full warranty on the hardware. At some point, everything froze, and all functionality completely stopped. I tried the power cycle, and it would not even boot anymore. They did the serial console connection, and it literally was not even booting. They opened up a case and verified the same symptoms that I described. They replaced the board and sent it back to me, and it worked. It was solid from that point for five years that I continued to use it. After that, I upgraded it. Every once in a while you get bad hardware, but I was glad I could just send it back. The biggest fear I have, and probably the only reason I still have the old one lying around is that if something were to happen to this hardware and I had to send it back for support, I need to be able to keep my network running in the meantime. Even as a home and home business user, you start to creep into that space where you start to think that this is critical. How do you get by without the Internet? I know that I could get Internet back up, and I could plug in any off-the-shelf routers lying around and get basic Internet service back up, but the question is how much work would I have to put in to restore other services that pfSense is performing. I recognize that I did not invest in a high availability solution for my home and home business, so that is just a risk that I have to take.

I would rate their support a ten out of ten. There is nothing difficult about it.

Positive

Prior to my first pfSense appliance, back in 2017, I was running DD-WRT, which is not a commercial alternative. It is an open-source project that does not even have a paid or commercially supported version. It is meant to be flashed onto OEM hardware as a replacement for their firmware. pfSense can be used like that, but Netgate is doing something different with the commercial support and building the appliances and all that. In terms of the baseline functionality, DD-WRT is very similar.

In terms of comparison, pfSense is much more robust. It is a comprehensive solution for networking needs that bridges the gap between a shelf router and building a full enterprise stack, which would be overkill. Most small businesses and home users would not want to do that, make that kind of investment, and keep that kind of compute running all the time. pfSense lands right in that sweet spot. I know that OPNsense and a few other software products are out there. There are some Linux-based ones. I am definitely a fan of pfSense being built on free BSD. That gives me greater peace of mind with the networking stack and everything. I am a Linux guy too, but when it comes to core services, I prefer free BSD. If I have to, I might just go with the vanilla, free BSD system and build it out with automation from scratch, but pfSense does all that for me. I do not have to do all that initial work. They have got the configuration and tuning done already.

If you have general networking knowledge and understand the terminology, it is very easy. It depends on how detailed or how extensive is your configuration and what is the target use case. Are you using a VPN? One of the features I use is OpenVPN.

I go through the box. I have a single WAN connection. I have half a dozen VLANs configured. I have a VPN remote access interface configured. I have got DHCP servers. I also have IPv6 configured. I have extra configurations for each interface that need to be considered, including the VLAN interfaces. There are also firewall rules.

You can start with the baseline, and you can get the thing up and connected to the Internet easily within five to ten minutes. Once you start doing your internal configurations and firewall rules, it scales pretty quickly. With a couple of VLANs, like I have, you spend another half hour to get the VLAN to spec out. With OpenVPN, you have to work on certification generation and certificate matching and exporting. Configuring the client's side tends to be time-consuming. If you have four clients, it could take another hour to three, and then there are firewall rules. It depends on how you write them. If you write your rules well, you do not need to have so many of them. It also depends on how you configure your space. I have a lot of interfaces and a lot of rules. With a good, clear plan and no guessing and backpedaling, you could probably redeploy what I did in three to four hours, but it would actually take longer because of mistakes, troubleshooting, and all that.

In terms of maintenance, I certainly keep up with updates from upstream and make sure that I am aware of any software updates that I need to install. I like to stay updated with patches and all that. That was the main reason I finally upgraded from SG-1000. It was no longer getting the updates. There is always a bit of extra maintenance. It is not because pfSense demands maintenance. It is because the environment demands continual maintenance and monitoring. Paying attention to logs is a healthy practice.

I always make updates via pfSense whenever I am making updates in the environment for adding new DHCP reservations for various hosts in the environment and other things like that. I moved my local DNS services from pfSense because I had to go into the web GUI and clumsily add in new host entries. It was getting burdensome. I just wanted to be able to do this in a text file like I could on a Linux server. You just add your entry to the host file and you are done. I moved to DNS services on the Pi-hole software. Pi-hole is a partial competitor because it does not do everything pfSense does, but it can do some of the things. It focuses on ad blocking and filtering as well as providing local DNS resolution. A nice thing with Pi-hole is that you can literally open up a text file and add your entries there, and they just start working. You do not have to move from a terminal-based workflow to get that change made. Clicking through a web browser is not my favorite. It is a disruption to a workflow. So, maintenance is directed by requirements in the environment.

I buy the appliance and accept whatever comes with it, but I am not bought into paid support. When it comes to the pricing of the appliances, they are pretty competitive. The price is pretty competitive.

I just bought a Netgate SG-1100. Within the past year, I upgraded my Netgate SG-1000 from 2017 to Netgate SG-1100. I looked at some of the higher-spec products, but they started to get pricier. For example, Netgate 2100 was a consideration. The difference between the 1100 and 2100 is double. I looked at the specs of 2100 and what it could deliver. I did not need all the extra specs. I do not need to perform at that level although it might be nice to have some extra ports on my box. I then looked at 1100. I could get by with those specs. It was an improvement over the tiny SG-1000 that I was running, so it was a win, but the question always is whether there is something competitive and similar that I can build for less money and whether it would deliver the same value. You can get these Small Form Factor PCs. You can get ARM systems and x86 systems and similar form factors. You can get them with multiple NICs already installed. This is more or less your hardware with no support. You get a warranty on the hardware, but they are not selling you the software. You put whatever you want on it and build your system. You can install pfSense CE on that or build your own router on a device like that. Why I chose to buy it from Netgate was the peace of mind of the full stack support because it is probably the most critical portion of my entire home network. I decided to invest a little bit more and trust somebody else a little bit more to have my back. Peace of mind comes from having bought the official appliance. It has a very reasonable and competitive price model.

In terms of the total cost of ownership, you have the hardware price. You are combining the price of any hardware support contracts that you may or may not be paying for and somehow estimating the administrative time that is required to actually manage the system itself and billing somehow for that appropriately. That is a tough one because that is where there is a gray area of home business usage. Aside from that gray area, the investment rolls off very quickly. I can recoup this investment within a year.

I would rate pfSense a nine out of ten. It is delivering on my needs. There is little room for improvement. They can just close the gap. You always want to keep closing that gap when it comes to usability, inconvenience, and meeting the workflow, but it is definitely delivering to my expectations very well.

It's a straight-up front edge router used in various scenarios for front-ending multiple websites and multiple web applications for various marketing scenarios which require certain back-end firewalling that you would need to utilize. We found that it works much better than others. It's not like the Ciscos, which, at the time, were incredibly expensive and difficult to work with unless you had a CCNA who was programming it for you.

I was looking for routers that were capable of doing multiple firewalling, which it does. We wanted it for setting up demilitarized zones and setting up some failover for WAN for the internet. We looked at that, and we played around a little bit with Untangle. pfSense was just far easier to get configured and working, and there were no hidden costs or fees involved, which made it very nice to use.

They have a whole section of package management that you can add stuff to. We use pfSense to do a little bit more than what we would or what I would normally do today in a medium to large enterprise.

The flexibility of pfSense is fantastic. You can use it in a number of situations. I have it running on my home Netgate. At the same time, I can just put it on a slightly larger machine and run a massive, highly trafficked web environment. It will run anywhere.

It's easy to add features to pfSense and configure them assuming about web networking and routing and traffic through an edge router scenario. For a home user, it's probably a lot more than they would get through, but they wouldn't need to since you can just install it, and it just works right out of the box. Just about everything is easy. It's extremely well documented, and the amount of help that's available is fantastic.

I saw the benefits of pfSense immediately. When you need your router to do something more than, for example, a store-bought router for home, you immediately see it since now I can do things. I can set up multiple LANs. I can create a firewall between the LANs. I can open up a full demilitarized zone or just port forward into specific LANs and have the LANs porting between themselves in various ways. You don't get that stuff in your normal consumer-grade solution. You have to spend a lot of money to get a serious data center router - and on top of that, you need to get somebody to program that from the command line, which is very expensive. In contrast, pfSense has a graphical user interface, which makes it all very straightforward and easy to use to set up some pretty sophisticated routing scenarios.

I don't use pfSense to prevent data loss as I have backups, both on-site and off-site backups. It's effective for preventing data breaches.

pfSense gives users a single pane of glass as a type of management. There is everything in one instance. It has a graphical user interface. It'll come up with a dashboard that you can customize to put whatever you need to see up on there. I can customize the dashboard to show me the most important things to me. It's incredibly intuitive.

Managing multiple devices is easy enough. You just log in remotely to the device, and it's all connected through the IP. It's really quite simple.

There are two versions of pfSense: the community edition, which is free, and the plus version, which is paid. I'm using the paid one presently.

The solution minimizes downtime. Once it's configured, it works. I don't have to worry about it. I fully know it backwards and forwards since I've been using it for 15 years now and it pretty much just works. I have certain instances of pfSense that haven't even been rebooted in years since it's up and running and it keeps running, and it runs well. I rarely need to touch certain my installs after they've been set and configured.

The solution provides visibility that enables data-driven decisions. It has logging. It has intrusion detection systems, which will give you a whole lot of data that you can make decisions on. For example: Who do I need to block? Is somebody trying to attack me? It'll allow me to collect all that information to make critical decisions regarding exposing certain resources to the internet.

pfSense helps optimize performance in combination with the hardware that it's running on. That will determine what kind of performance you're going to be getting out of the box. It's a very lightweight software package. Depending on the hardware, you can hit it with lots of traffic, and it won't even hiccup.

I would like to see more active updates coming out of the developers. I like the FreeBSD. That said, the developers in FreeBSD are less productive than what you see out of the Linux community, where there are millions and millions of developers. Being FreeBSD-bound, it seems they're short of developers who have to specialize in that operating system.

I've used the solution since 2009.

The solution never crashes and never lags. It works. You fire it up, and it will work for the next 50 years. As long as the hardware is working, pfSense will just go on and do its thing.

Scalability all comes down to hardware. When you put pfSense on more robust hardware, it performs pretty well. 

For the paid version, if I have an issue, I need to open a ticket. Before I had my business going, I used the community, and it worked it worked just as well. I haven't had a need to call support. However, I pay for pfSense Plus support in case something happens that's over my head that I need to speak to an expert about.

I contacted them when I had a question about a Snort setup, which is for intrusion detection and prevention. It turns out you have to contact their specialist, and that Snort requires you to pay extra for that help. It's a third-party plugin for pfSense. However, in relation to pfSense, issues, I have not needed help. 

I've used Untangle and Cisco routers, and I've tried OPNsense.

I prefer pfSense. I'm comfortable with it. It's rock solid. I've never had an issue with it. I tell it to do something, and it does exactly what I tell it to do.

I have purchased NetGate appliances for customers. For my business, I have hardware that I've repurposed for pfSense.

The initial deployment, either way, is very easy. It would probably be easier than most commercial routers that people buy.

A simple instance where you're just using a firewall router with one LAN can take less than five minutes. You just install the software. It picks up the WAN IP and gives you a LAN IP, and it's up and working as quickly as the software will install, which is usually less than five minutes on most devices and most hardware.

I do the deployments myself. I don't see where a team would be required for this. It's just a firewall router. If you need a complicated setup, it might take one person, a couple of days of planning, and then implementation. That said, I don't see where you would need a team to do that unless you're installing a bunch of other network hardware at the same time, multiple switches, or a ten-gig, one-gig type of scenario. However, that's not a pfSense issue.

In terms of maintenance, generally, there is none. It will update itself. I see very few critical security updates. Most of them are our feature updates. I have certain installs that have been running without rebooting for five years, and it just installed them. Mostly, I'm leaving it alone.

The pricing is reasonable for what it is. I usually put it on my own hardware. The licensing for me is relatively inexpensive for what I'm getting out of it.

The Total Cost of Ownership (TCO) is fantastic. You can use the community edition and get expertise from the manufacturer. It's quite reasonable. It's quite a good setup.

I'd rate the solution nine out of ten.

I'd advise potential new users to install it, plug it in, get to know it, log into it, and you'll start to see how easy and robust it is. The more you use it, the more you learn, and you'll like it as much as I do.

We currently use pfSense firewalls at our branch offices and central server locations. I have implemented TAC enterprise support on three of these firewalls, with the installation of the third scheduled for this weekend. Our network infrastructure relies on VPN tunnels between sites, and I have successfully deployed an always-on OpenVPN solution that significantly outperforms our previous SonicWall VPN system.

Installing packages on pfSense is straightforward, although the quality of package documentation varies. While I understand this isn't Netgate's responsibility, the installation and configuration process for these packages is remarkably user-friendly, relying almost entirely on the GUI. In my experience, I've rarely needed to resort to the command line, but I'm certainly not averse to it when necessary.

I immediately recognized the advantages of pfSense. Its ability to support custom hardware installations allows me to tailor solutions to the specific needs of each branch location. While I've had excellent results with Netgate's pre-built hardware, the option to construct higher-specification systems myself, all while maintaining support, is incredibly valuable. The difference compared to our outdated SonicWall is night and day. I previously built a pfSense firewall on a Dell server for a business handling high traffic volumes, and its performance was exceptional.

pfSense helps me prevent data loss by utilizing firewall aliases and other DNS-based filtration methods to block access to shadow IT and third-party cloud data transfer sites, providing some control over data movement.

While pfSense doesn't offer a centralized overview of multiple firewalls, it provides extensive customization options for each firewall's homepage. This allows for detailed monitoring of VPN tunnels, interfaces, and other components. I appreciate the ability to add, remove, and customize widgets on the homepage for tailored information display.

Helps minimize downtime. I have set up the high availability with one location, which works flawlessly.

Provides visibility that enables us to make data-driven decisions about network capacity, including throughput and the ability to handle traffic.

pfSense has significantly improved our performance by optimizing our always-on VPN. The recent release of the OpenVPN data channel offload feature, which was quickly adopted and supported by Netgate pfSense, has revolutionized our Windows laptop VPN solution. This new feature is nearly ten times faster than the previous OpenVPN without data channel offload, and its thorough documentation encouraged us to implement our always-on VPN ahead of schedule.

pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog. OpenVPN support is exceptional. When I inquired about setting up an always-on VPN, the engineer swiftly and fully understood my needs and provided expert guidance. Netgate support's in-depth knowledge of included features is truly impressive.

I would like clear guidance on supported network interface cards, including detailed performance metrics for various models. While I understand the focus on selling appliances, more comprehensive documentation for those building their own systems would be beneficial. Specific throughput numbers and other statistics for Intel, Broadcom, Mellanox, and other cards are needed. Additionally, reinstating the ability to visualize long-term RRD data through built-in graphs would be valuable, as the current live traffic display offers limited insights.

I have been using Netgate pfSense for ten years.

I have not experienced any crashes in the production systems. The only crashes I've encountered have been while running unstable development builds, which is expected. However, excluding power outages, pfSense itself has been one hundred percent reliable in my experience.

If you invest in hardware capable of handling increased bandwidth, performance remains unaffected. We haven't observed any spikes in CPU utilization or memory usage. Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain. Our small businesses handle the load effortlessly.

I have exceptionally high praise for the Netgate technical support team. In the three or four times I've called support, I've always reached an engineer within 20 minutes, which was the longest wait time. Every time, they've quickly addressed the issue once verifying firewall support. Their knowledge and willingness to assist are impressive.

Positive

I have experience with FortiGate, Dell, SonicWall, Cisco, and numerous consumer-level firewalls. While I am not the most seasoned network engineer, I have worked in the field for a considerable time, encountering a variety of solutions. Among these, pfSense stands out as exceptionally customizable and intuitive. Given the inherent complexity of networking, pfSense has made the subject as accessible as possible.

Deploying a pfSense box is straightforward when I'm physically present. Remotely guiding someone unfamiliar with operating system deployment presents more challenges. However, on-site deployment is remarkably easy, even simpler than installing a Linux server. 

Deploying a Netgate pfSense appliance is straightforward, even for network engineers without experience with the platform. The setup wizard is intuitive, requiring minimal networking knowledge. Subsequently, the configuration interface is user-friendly, allowing those with moderate networking experience to navigate and manage settings efficiently. Building a custom solution would depend on hardware expertise and operating system deployment skills, but utilizing Netgate appliances is notably easier.

The Netgate appliance I recently purchased took less than an hour to install, with most of that time spent gathering necessary information from the internet provider.

pfSense pricing is reasonable. Whether purchasing appliances or support, I hope they're charging enough to sustain their exceptional support services. Whether you opt for a bundled appliance and support or standalone support for a custom-built device, the pricing remains impressively fair.

When considering the total cost of ownership, pfSense is a compelling choice for a solution that incorporates firewall, VPN, and router functionality. Initially, I explored purchasing the OpenVPN access server, which would have required a virtual machine due to the lack of a dedicated physical server. However, integrating the VPN endpoint into the firewall aligns better with our design goals. It eliminates the need for a separate VPN appliance, resulting in significant cost savings and improved performance. Testing pfSense with OpenVPN in a virtual environment confirmed that it operates more efficiently on bare metal hardware. Moreover, the licensing cost for the OpenVPN access server would have been comparable to the support fees for pfSense.

The TAC enterprise support is $800 a year per firewall.

I would rate Netgate pfSense ten out of ten. If I could choose a product that was among the least frustrating and nearly flawless I've used, pfSense would likely be at the top of my list.

In addition to initial configuration tasks like routing and applying patches, minimal maintenance is required. Once the interfaces are set up, we configure firewall rules and are ready to go. Patching will be necessary for all platforms, but no specific requirements exist beyond standard practices.

We use pfSense internally to protect our management networks and provide VPN access to our internal staff. We also use it for customers needing a more sophisticated firewall than your home or small business WiFi router firewall package.

We deployed it at work when I got hired because we needed to replace the existing hardware solution. I've used pfSense for over 10 years, so I drew upon the experience from the experimentation I do in my home lab.

We're an ISP that provides managed services. We deploy pfSense as part of a larger solution, usually a contract for managed services. We provide their Internet circuit and a managed firewall so that they don't have to do that themselves. They pay part of the hardware cost—maybe 50%—upfront, and then the rest of it is applied against a contract, after which they will then own the hardware.

We use pfSense as a hybrid within our data centers, with some virtualized instances running pfSense community edition and some as Netgate hardware running pfSense Plus (the higher-end ones because we need a firewall that can handle 10 gigs of throughput). We've got multiple different models of the official hardware deployed for ourselves and some managed customers. They range from small businesses to a professional sports venue.

We use pfSense for work because I was already aware of its flexibility for our needs. The solution provides a great base level of network protection. PfSense is not a next-generation firewall, so it doesn't do in-line virus scanning or offer out-of-the-box IPS/IDS, but that can be covered by a manged antivirus suite and following good security practices. In terms of how secure pfSense is and how secure it keeps your network, it does that very well.

The biggest benefit of pfSense is its ease of setup, especially for VPN — both the end-user VPN and site-to-site VPN. It's easy to add features to pfSense via the package management system. We can just turn things on. They have made it much easier to deploy things like free radius, where we want to have enterprise authentication for WiFi. It's by far the most flexible firewall I have ever worked with. There are also packages for ACME for Let's Encypt SSL certificates, and HA proxy.

The pfSense Plus package has given us peace of mind, but we haven't had to open many trouble tickets with NetGate. Aside from the maintenance and support contract, the only feature we use from pfSense Plus is the wizard for building site-to-site VPNs from our locations to AWS VPCs. Building site-to-site IPSEC tunnels to AWS is a fairly complicated task, so having that wizard made it easier.

I would like a management console to manage and monitor multiple pfSense installs. We have several pfSense hardware devices installed and as far as I know, there is no single, unified pane of glass that I can use to manage all of them at once. That's the one thing I wish I had, just having a good single unified configuration interface for each install. 

I have used pfSense at my current company for at least four years now, but I've used it personally for over 10 years. 

I have to really dig deep to come up with any shortcomings. If you are using VLAN tagging, and making adjustments, restart the DHCP and DNS services manually, just in case.

As far as I know, there isn't a single console from which I can manage multiple installs. That is the only thing impacting their scalability. They max out at 10 gigabits per second, but anything above 10 gigs is such a niche market. To be honest, I doubt that's their target.

I rate Netgate support 10 out of 10. They turn around tickets quickly and their staff is fairly well educated. When I provide detailed information about the problem, they've been able to reply quickly with a solution or go research the problem and get back to us quickly with a fix. It's been pretty top-notch.

Positive

I've used OPNSense, a fork of the pfSense project, as well as Cisco ASA, PIX, Palo Alto, Ubiquiti's Unified Gateway, SonicWall, and FortiGate. Some bigger Ubiquiti firewall products are comparable to pfSense, and Cisco ASA has name recognition. SonicWall and FortiGate offer some enhanced features, like better threat management you get as part of a subscription, some block lists, and some more next-generation firewall features.

Overall, our chosen solution is pfSense, as it balances features and cost. It isn't the best at everything, but it's more than enough for almost everything you can throw at it, and it isn't ridiculously expensive like some solutions. It is massively flexible. Although it is missing some of the more esoteric features, you don't need those features 99% of the time. If you have the budget for it and need to do something more advanced than just the basic firewall, it remains the go-to solution we use every time. It's why I keep a couple in stock on the shelf so that I don't have to order them if we need one for an immediate customer install.

It's incredibly easy to deploy pfSense and takes no more than 30 minutes in a typical small office setup. A typical out-of-the-box setup for a small business can be running in five minutes flat. We usually have a two-person team with someone from our network engineering team responsible for the configuration and a field tech installing equipment on-site.

Regarding maintenance, you need to go back in occasionally and install the most current version of the software. We check for updates every couple of months, and that's it. That's it for maintenance. Once it's installed, we fire it and forget. It's there, and it works.

In-house

Priceless

I would say pfSense is competitively priced. It isn't the cheapest hardware, but I've never had a problem with it. It is far cheaper than big brand names like FortiGate and Cisco while delivering a feature set that's nearly the same across the entire list. The only places it falls short are esoteric features that almost nobody needs.

The support plan is reasonable. The pfSense Plus license with the warranty is either 400 or 800, depending on the level you want. For a commercial customer, that's more than reasonable and a lot cheaper than many solutions. We haven't had any sort of issues with the firewall hardware itself, so it's doing extraordinarily well on the total cost of ownership.

We did side by side comparisons of the feature sets and prices, and drew upon our experience with multiple vendors, including the equipment we had at the time.

I rate Netgate's pfSense 10 out of 10. I recommend turning on the built-in automatic configuration backup so that if you mess something up, you can easily restore the configuration from a backup and get it back up quickly. I also suggest downloading the community edition on a spare computer to play with and break because it's free. 

I use the solution in two of my homes. I have a home in the UK and one more in the US. I have two firewall tools running with a VPN link between them, and it allows me to easily administer and protect both networks, one in the UK and the other in the US.

I can discuss the product's most valuable features if you have a playbook for some of the things you want to hear about or expect me to touch upon.

The tool's most valuable features revolve around its ease of use. It is a resilient product with a very easy-to-use interface. The learning curve for the product is very simple. I also like the core packages included in the tool, making my firewall a one-stop shop for stuff like DNS and VPN usage. The tool has a lot of packages available. I like the product's in-built packages. I use WireGuard VPN, and it is very good. I use IPSec, the built-in DNS product in the tool. I can also link the tool with my UPS if the UPS has an outage in the northeast region where people experience electricity cuts. The software I use on Netgate pfSense acts as a kind of choke point and sends messages throughout my network to start shutting down during electricity cuts. My firewall is a ground zero area for me on my edge. All the packages in the tool allow me to protect my network. It serves as a Layer 4 product since Netgate pfSense doesn't do anything like other products offering Layer 7. As a Layer 4 product, Netgate pfSense is very strong since I can easily create very advanced firewall rules, which I wouldn't be able to create as easily with other solutions, especially if they don't come with more than 10,000 or 20,000 USD as the price tag. Palo Alto, Check Point, or FortiGate are expensive firewall products compared to Netgate pfSense. I don't think Netgate pfSense really competes with Palo Alto, Check Point, or FortiGate, but the latter set of tools may make it feel like Netgate is trying to compete with them. I work for a major security firewall vendor, and I don't think Netgate pfSense competes with it. Netgate pfSense provides SMEs with a significant amount of value for not a lot of cash.

It is very easy to add features to Netgate pfSense. Now remember that Netgate pfSense does not attract an average IT person. The tool attracts people with two profiles, including CCNA-certified or very sophisticated firewall administrators, hoping they can help use some of the pretty advanced features in the product. The second profile of the tool's users would consist of those who are getting started or want a better firewall than what their carriers or the provider provides them with so that they can learn about firewall devices. They want to learn about networking by using Netgate pfSense. For both profiles, the tool offers a very linear learning curve. The documentation in Netgate pfSense is very strong.

The benefits related to the product can be experienced immediately after the product is deployed. I wanted to replace EdgeRouters from Ubiquiti for my use cases, which have now gone into a deprecated mode. I wanted a tool that could offer me the functionality of EdgeRouter, and I was happy to pay more for a product that could provide such features. Compared to EdgeRouter, I had to spend 700 to 800 USD on both the final units from Netgate pfSense for both of my homes. I chose Netgate pfSense since I wanted a tool with a set of more updated functionalities and a solution that can be considered an easy replacement product for EdgeRouter. I saw immediate value in Netgate pfSense from day one.

A single pane of glass is a vast term. If I were to define a single pane of glass, I would say that it is something from which you can see everything from everywhere in a single dashboard. The single-pane-of-glass feature within the tool's user interface is one of the core aspects of the product. In my opinion, the tool has a very strong dashboard.

Netgate pfSense can minimize downtime easily since it is easy to put it in a high-availability configuration.

Considering that the tool offers a Layer 4 firewall's functionalities, I can say that Netgate pfSense provides visibility that enables me to make data-driven decisions. For example, the firewall fits into two markets. The north-to-south market is where Netgate fits in with Palo Alto, Check Point, Sophos, and Cisco. There is also the east-to-west market where I work since it is where my employer is currently. When you talk about the visibility of data, you are looking for either north to south or east to west. In terms of the visibility from east to west, which is based on application to application or data center within a data center, Netgate pfSense will not be helpful at all. From north to south, I get visibility over what is coming into my network. For example, I can easily capture dump traffic using the in-built features in the tool and run an SNIP on the traffic. I can see what's coming in and inspect those packets, and I can do that all within the user interface, which is a new feature in the tool that is very strong. I like the tool's new feature. The tool has very easy-to-consume logs, and it is very easy for me to export them into a SIEM server if I want to do some kind of mass data warehousing and sorting.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say it is very large.

I think the tool requires more strategic improvements than we need it to be in the present. With Netgate, considering that I work in a firewall market, I know that its problem is not just in its features. It needs improvements in terms of the strategic vision, where the product should go, and what market it should be for in the future. Netgate needs to figure out if they want to strive for the SMB business and the home market or if they want to attempt to reach out at an enterprise level. 

I don't think Netgate knows where they want to go with or without a plan. I think Netgate is still trying to devise a plan by itself as to which market it wants to fall into, which can make it more profitable for the tool. There is nothing that Netgate pfSense could do to make me feel any better about the product. I love the product, and I will use it until I die. It is a really good product. Improvements are needed in the area of the company's strategic vision and based on where the solution needs to go in the future. I spoke about north to south and east to west since the world is moving towards the concept of zero trust. If you are a CISO or a CIO and you are trying to achieve a zero-trust architecture, you need to check if Netgate is on your list of companies that would help you achieve it. If I consider the CIOs I speak to, Netgate doesn't even get mentioned in our talks.

I do not require improvements in the product. It is feature-complete. As a firewall, Netgate pfSense can be described as a very feature-complete product for the market space in which it currently operates.

Strategy and vision of the product are the areas with shortcomings where improvements can be made so that Netgate pfSense can figure out where the product should go in the future. It will provide Netgate with choices like whether it wants to go towards a zero trust architecture if it wants to go towards the east-to-west direction if it wants to go towards big enterprise or go into Layer 7 traffic. My answer regarding the need for improvement in the product is going to be more of a strategic-based one rather than from a technical point of view because the product is excellent.

I have been using Netgate pfSense for five years. I am an end user of the solution.

Stability-wise, I rate the solution a ten out of ten.

The solution's scalability is tricky, and it all depends on the context. It is infinitely scalable for me, and my company has 150 devices in my network, which may be nothing. Suppose a company like J.P. Morgan says they want to use Netgate Netgate as their north-to-south firewall. In that case, you may face big scalability problems because, at such a level, tools like Check Point or Cisco have custom silicon chip designs to support their workloads. For SMBs, the scalability part is not an issue. I don't think Netgate pfSense can offer much scalability for big enterprises.

I have contacted the solution's technical support team. The quality of the answers provided by the technical support team is good, and the responsiveness is exceptional. I rate the technical support a ten out of ten.

Positive

I have used many solutions that can be considered alternatives to Netgate pfSense. I can compare Netgate pfSense with FortiGate since Netgate is priced similarly but falls at a lower end when compared to Fortinet FortiGate. FortiGate is a better product for an enterprise. For home usage and small and medium-sized enterprises, Netgate pfSense can be a stronger choice than FortiGate. For home use, Netgate pfSense is very much preferable.

Even for an unskilled person, the tool's deployment phase would be easy to manage. It is a very easy product to consume because it has a lot of WYSIWYG and built-in wizards, along with a very easy graphical user interface.

Deploying one instance of Netgate pfSense can take around five minutes, and only one person does it. Regarding the other tasks, our company has firewall products that handle more than 100 or 1,000 workloads, and two to three people manage them.

A limited amount of maintenance is required from the end of the tool's users. It is just to adjust the firewall rules as and when necessary to meet the business needs, like in patching, where Netgate pfSense does a very good job while also being very responsible and quick to respond to zero day and CVE alerts. The tool is superb and very impressive, but it can be described as a very low-overhead product because, by nature, firewalls under the north-to-south are for static workloads, which is where Netgate's market is currently. Those workloads are not changing for now. You put Negate pfSense into your system and forget about it, which can be considered as a whole other problem in firewall products, but I won't go too deep into it because that is why there are 20 years of rules in firewalls and no one maintains it because you just set it up and forget it.

I bought Netgate pfSense Plus since I have to use the firewall in both my houses, so I have four solutions. I have made certain payments using a subscription-based model to use Netgate pfSense Plus.

If I were a part of Netgate leadership or running the company, I would clear out a few areas on the strategy side of the business. I work for a major enterprise where an SME or the tool is needed. Netgate's strategy regarding Netgate pfSense Plus for home users or labs was very misleading in nature and handled very badly. I have opted for the tool's subscription-based pricing model. a subscription, and I am very happy to pay the money money, which comes to around 130 USD for two years, which is nothing for me. Netgate handles the tool's subscription-based pricing model very badly.

I think Netgate pfSense's pricing or licensing models are fair enough. I think the way Netgate pfSense handled its previous pricing model with regards to Netgate pfSense Plus was an area that was misleading for users. Overall, what I pay for the product is very reasonable.

There are no features in Netgate pfSense that help prevent data loss. One can use a DLP tool to manage data loss.

The visibility in Netgate pfSense does not help me optimize performance, and I think it is because I am a pretty advanced user on the command line. I wouldn't rely on the visualization part for any advanced performance.

I have never used Netgate pfSense on Amazon EC2 virtual machines.

My suggestion to those who plan to use the product would be that they need to read the solution's documentation, utilize the community forums and shouldn't be afraid to fail. It is easy to recover from failure with Netgate pfSense since it has configuration change logs along with very easy rollback abilities. In the newest version, if you make a change and you reboot, it just snapshots you back to the new change, which is excellent.

I rate the solution a ten out of ten.

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OpenSense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for radius or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraph, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

I have been using Netgate pfSense for ten years.

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

Positive

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.